[RFC][PATCH] (#4) auditfs
Timothy R. Chavez
chavezt at gmail.com
Tue Feb 22 20:57:35 UTC 2005
On Tue, 22 Feb 2005 15:07:59 -0500, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> On Tue, 2005-02-22 at 10:42 -0600, Timothy R. Chavez wrote:
> > Three hooks for dynamically assigning watches:
> > d_splice_alias, d_move, d_instantiate
> >
> > Five hooks for dynamically adding watches to our context:
> > permission, exec_permission_lite, vfs_read, vfs_write, vfs_unlink
>
> I'm a little unclear on what the hook call in vfs_unlink is buying you
> if it is only passing the dir (not the dentry). vfs_unlink already
> calls may_delete() and ultimately passes the dir to a permission() call
> to check write and search access to the parent directory, so your hook
> in permission() will cover the attempt to access it. Don't you want to
> pass the dentry here instead? And won't there be similar issues for
> vfs_rmdir?
Right, i need to pass the dentry->d_inode, my mistake. Thanks
>
> --
> Stephen Smalley <sds at tycho.nsa.gov>
> National Security Agency
>
>
--
- Timothy R. Chavez
More information about the Linux-audit
mailing list